12.5

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-30	CVE-2021-41288	SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. network low complexity zohocorp CWE-89	7.5
2021-04-22	CVE-2021-3287	Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. network low complexity zohocorp CWE-502	7.5
2021-04-01	CVE-2021-20078	Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. network low complexity zohocorp CWE-22 critical	9.4
2021-02-03	CVE-2020-28653	Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. network low complexity zohocorp	7.5
2020-06-04	CVE-2020-13818	Path Traversal vulnerability in Zohocorp Manageengine Opmanager In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. network low complexity zohocorp CWE-22	5.0
2020-05-07	CVE-2020-12116	Information Exposure vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. network low complexity zohocorp CWE-200	5.0
2020-04-20	CVE-2020-11946	Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager 12.5 Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. network low complexity zohocorp CWE-306	7.5